However, rblsmtpd does not invoke prog if it is told to block mail from this client. Instead it carries out its own limited SMTP conversation, temporarily rejecting all attempts to send a message. Meanwhile it prints one line on descriptor 2 to log its activity.

rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the client has not quit by then.

If the $RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks mail. It uses $RBLSMTPD as an error message for the client. Normally rblsmtpd runs under tcpserver(1); you can use tcprules(1) to set $RBLSMTPD for selected clients.

If $RBLSMTPD is set and is empty, rblsmtpd does not block mail.

If $RBLSMTPD is not set, rblsmtpd looks up $TCPREMOTEIP in the RBL, and blocks mail if $TCPREMOTEIP is listed. tcpserver sets up $TCPREMOTEIP as the IP address of the remote host.

-r base

Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client.

-a base

Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block mail.

You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists $TCPREMOTEIP. It also tries an RBL source of rbl.maps.vix.com if you do not supply any -r options. See http://maps.vix.com/rbl/ for more information about rbl.maps.vix.com.

If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns from the DNScache (djbdns) package.

Temporary errors

Normally, if $RBLSMTPD is set, rblsmtpd uses a 451 error code in its limited SMTP conversation. This tells legitimate clients to try again later. It gives innocent relay operators a chance to see the problem, prohibit relaying, get off the RBL, and get the mail delivered.

However, if $RBLSMTPD begins with a hyphen, rblsmtpd removes the hyphen and uses a 553 error code. This tells legitimate clients to bounce the message immediately.

There are several error-handling options for RBL lookups:

-B

(Default.) Use a 451 error code for IP addresses listed in the RBL.

-b

Use a 553 error code for IP addresses listed in the RBL.

-C

(Default.) Handle RBL lookups in a fail-open mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked.

-c

Handle RBL lookups in a fail-closed mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate mail.